Issue No. 2 | January 2014

Monthly newsletter

The Bank of Russia and law enforcers will work together to prevent breaches of property rights related to the use of cryptocurrencies, the General Prosecutor's Office announced after a working group meeting between the Central Bank, the Federal Security Service, and the Ministry of Internal Affairs. The General Prosecutor's Office added that the working group members are relying on the experience of other countries to define key regulatory areas for the industry.

According to a report from Banki.ru, Roman Prokhorov, the deputy director of the Department for the National Payment System, said that the Bank of Russia has started implementing measures to protect data during money transfers, while speaking at the 6th Ural Banking Forum held in Magnitogorsk.

The State Duma has passed the first reading of a draft bill requiring information about data transferred over the Internet to be retained for 6 months. The bill is part of a counter-terror legislative package initiated following terrorist attacks in Volgograd at the end of last year. The package was prepared by a group of MPs headed by Irina Yarovaya, a United Russia member and Chair of the State Duma Committee for security and corruption issues.

Legislative news and regulatory recommendations

CBS News has published a confidential report by Canadian intelligence which shows that in 2012, the Communications Security Establishment Canada (CSEC), working in close cooperation with the American NSA, tested a Wi-Fi surveillance system capable of capturing information about wireless devices used by citizens visiting public premises (e.g. airports, libraries, hotels and cafes) with Wi-Fi hot spots.

As reported by the Prosecutor's Office for the Volgograd Region (PO), hackers used its official website to post misleading information about criminal actions planned against certain websites. According to RIA Novosti, the press release said that the PO was planning to make a request to block websites trading virtual currencies.

According to reports, law enforcement officials have informed the Kickstarter team about a successful hacking attack on their website. The attackers obtained access to the personal information of registered users.

According to Timur Batyrev, the head of the Department for the National Payment System at the Central Bank, Bitcoin is a pyramid scheme: "There will always be people looking for easy money who will buy bitcoins. But there will also be people to pay for them."

Card skimmers stole data from the bank card of the PayPal president David Marcus while he was traveling in the UK. Marcus wrote about the incident on his Twitter account, adding that it was an EMV chipped card.

According to the latest data, the number of data security incidents has doubled to about 22.5 cases per month, said Oleg Krylov, the head of the Central Department for Information Security and Protection of the Bank of Russia, speaking at the 6th Ural Banking Information Security Forum.

Sberbank of Russia has asked the Russian State Duma Committee for the Financial Market to consider stricter regulations on skimming crime. The news came from Sergey Bondarev, the deputy director heading the Security Department of Sberbank, as he spoke at the 6th Ural Banking Information Security Forum. Bondarev said Sberbank has proposed an additional Article 187.1 to the Russian Criminal Code that will be particularly focused on crime involving the use of skimming equipment. The bank would also like to see amendments to Article 187 of the Criminal Code (Production and sale of fake credit/payment cards and other payment documents).

The Sberbank Security Department, working in cooperation with law enforcement officers, has prevented a theft of more than 22 million Rubles from its customers' accounts, according to a press release issued by Sberbank.

Acting in the free spirit of the Internet, some of the largest companies in the U.S. have published internal statistics on requests they received from U.S. intelligence over the first six months of 2013. Yahoo alone received more than 30,000 user information requests, while Microsoft, Google and Facebook received for 16,000, 10,000 and 6,000 requests, respectively.

Zadarma.com and Sipnet.ru, two major VOIP providers, are not available in Belarus. The routing paths to their servers appear broken after reaching the gateways of BelTelecom, the only state-owned monopoly provider of external Internet in Belarus.

Articles

With network technologies such LAN, CAN and VPN becoming more widespread, businesses can set up quick and convenient data exchange at various distances. That said, protecting data within the corporate environment is as important as ever, remaining a serious concern for both SMEs and large businesses across industries. As a result, any business, large or small, almost inevitably faces the need to manage employee access rights based on data confidentiality.

Documents published by Edward Snowden, a former employee of the CIA and the NSA, contain some information about surveillance technology used by the NSA organized in the document as a short catalogue. A total of 48 pages, marked as either confidential or strictly confidential, provide short descriptions of surveillance technology, though the catalogue is not exhaustive.

It is a well known fact that the Sochi Olympic Games boasts a quick-response taskforce of tens of thousands of people dedicated to making the Games a success. However, even a taskforce as big as that still needs appropriate technology to support residents of the extensive resort city, which offers Alpine skiing facilities to many thousands of visitors flocking in from around the world.

Late last week, Adobe published update APSB14-07 to fix the CVE-2014-0502 flaw in its Flash Player. According to the security firm FireEye, a number of public and private websites have been compromised by the malware "iFrame," which redirects users to a website containing a 0day exploit. This attack exploits outdated libraries compiled without ASLR protection enabled, creating stable and transferrable ROP sequences to bypass the DEP protection. In Windows XP, ROP gadgets are created using msvcrt.dll.

German Chancellor Angela Merkel said on Saturday she would talk to French President Francois Hollande about building up a European communication network to avoid emails and other data passing through the United States.

The arrest, extradition and indictment of a Romanian who's alleged to have orchestrated one of the biggest ATM skimming rings in the U.S. illustrates how collaboration among international authorities is working to more swiftly bring global cybercrime leaders to justice (see Charges in ATM Skimming Scheme).

But this week's indictment of Marius Vintila is just a blip on the cyberthreat radar, says financial fraud analyst Al Pascual of the consultancy Javelin Strategy & Research. Much more still needs to be done to ensure global law enforcement authorities are catching cybercriminals sooner, and prosecuting them within shorter windows of time, he adds.

The Pentagon long has made a big effort to showcase its budding cyberwarfare capabilities. But the military has been less forthcoming about a key, more tangible component of cyber — electronic warfare – until now.

Energy companies should create a new industry-led body to deflect cyber threats to the electric grid — from large generators to local distribution utilities, according to a new report co-authored by Ret. Gen. Michael Hayden, former CIA and National Security Agency director.